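/// <summary>
/// Checks that a certificate meets the requirements this method enforces for a federation
/// certificate, throwing on the first check that fails.
/// </summary>
/// <param name="certificate">Certificate to validate. It is dereferenced without a null check.</param>
/// <param name="skipAutomatedDeploymentChecks">
/// When <c>true</c>, the requirement that the private key be exportable is not enforced.
/// </param>
/// <exception cref="FederationCertificateInvalidException">
/// The certificate is not valid for Exchange, has no subject key identifier, has a
/// non-exportable private key (unless skipped), is not an RSA certificate, is reported as a
/// CNG-provider certificate, or is outside its validity period.
/// </exception>
internal static void ValidateCertificate(ExchangeCertificate certificate, bool skipAutomatedDeploymentChecks)
{
    // NOTE(review): the literal 'true' is presumably the same 'ignoreAccessible' flag that
    // EnsureValidExchangeCertificate forwards to this helper - confirm against the helper.
    ExchangeCertificateValidity validity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true);
    if (validity != ExchangeCertificateValidity.Valid)
    {
        throw new FederationCertificateInvalidException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, validity.ToString()));
    }

    if (string.IsNullOrEmpty(certificate.SubjectKeyIdentifier))
    {
        throw new FederationCertificateInvalidException(Strings.ErrorCertificateNoSKI(certificate.Thumbprint));
    }

    if (!skipAutomatedDeploymentChecks && !certificate.PrivateKeyExportable)
    {
        throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint));
    }

    // Only RSA public keys are accepted; the comparison is on the key-algorithm OID string.
    if (!string.Equals(certificate.GetKeyAlgorithm(), WellKnownOid.RsaRsa.Value, StringComparison.OrdinalIgnoreCase))
    {
        throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotRSA(certificate.Thumbprint));
    }

    // Certificates that TlsCertificateInfo reports as CNG-provider backed are rejected
    // (the error string is named "NotCAPI").
    if (TlsCertificateInfo.IsCNGProvider(certificate))
    {
        throw new FederationCertificateInvalidException(Strings.ErrorCertificateNotCAPI(certificate.Thumbprint));
    }

    // Validity window: violating either bound must reject the certificate, so the two
    // comparisons are joined with ||. Joined with &&, the test could only be true for a
    // certificate whose NotBefore is later than its NotAfter, and an expired certificate
    // would pass this check. The clock is read once so both bounds use the same instant.
    // NOTE(review): a not-yet-valid certificate is reported with the "has expired" message,
    // the only validity-period string this method uses; consider a dedicated message.
    ExDateTime now = ExDateTime.UtcNow;
    if ((ExDateTime)certificate.NotAfter < now || (ExDateTime)certificate.NotBefore > now)
    {
        throw new FederationCertificateInvalidException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint));
    }
}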
/// <summary>
/// Throws unless <c>ManageExchangeCertificate.ValidateExchangeCertificate</c> reports the
/// certificate as <c>ExchangeCertificateValidity.Valid</c>.
/// </summary>
/// <param name="cert">Certificate to check.</param>
/// <param name="ignoreAccessible">
/// Passed through unchanged to <c>ValidateExchangeCertificate</c>; its effect is defined there.
/// </param>
/// <exception cref="CertificateNotValidForExchangeException">
/// The validity result is anything other than <c>Valid</c>. The exception carries the
/// certificate thumbprint and the name of the validity result.
/// </exception>
internal static void EnsureValidExchangeCertificate(X509Certificate2 cert, bool ignoreAccessible)
{
    ExchangeCertificateValidity validity = ManageExchangeCertificate.ValidateExchangeCertificate(cert, ignoreAccessible);
    if (validity == ExchangeCertificateValidity.Valid)
    {
        return;
    }

    string thumbprint = cert.Thumbprint;
    string reason = validity.ToString();
    throw new CertificateNotValidForExchangeException(thumbprint, reason);
}
/// <summary>
/// Runs a series of checks on a certificate and reports every failed check through
/// <paramref name="writeError"/> instead of throwing.
/// </summary>
/// <param name="certificate">Certificate to validate; when <c>null</c> the method returns without reporting anything.</param>
/// <param name="futurePublishDate">
/// Optional date, converted to UTC before use; the certificate is reported if its NotAfter is
/// on or before that instant.
/// </param>
/// <param name="skipAutomatedDeploymentChecks">When <c>true</c>, the private-key-exportable check is skipped.</param>
/// <param name="writeError">Callback that receives each failure as a <c>TaskException</c> with <c>ErrorCategory.InvalidArgument</c>.</param>
/// <exception cref="ArgumentNullException"><paramref name="writeError"/> is <c>null</c>.</exception>
public static void ValidateCertificate(ExchangeCertificate certificate, DateTime? futurePublishDate, bool skipAutomatedDeploymentChecks, Task.TaskErrorLoggingDelegate writeError)
{
    if (writeError == null)
    {
        throw new ArgumentNullException("writeError");
    }

    if (certificate == null)
    {
        return;
    }

    try
    {
        // The checks run in sequence; whether a later check still runs after a failure
        // depends on whether the writeError callback returns or throws.
        ExchangeCertificateValidity validity = ManageExchangeCertificate.ValidateExchangeCertificate(certificate, true);
        bool validForExchange = validity == ExchangeCertificateValidity.Valid;
        if (!validForExchange)
        {
            TaskException notValid = new TaskException(Strings.CertificateNotValidForExchange(certificate.Thumbprint, validity.ToString()));
            writeError(notValid, ErrorCategory.InvalidArgument, null);
        }

        if (!(skipAutomatedDeploymentChecks || certificate.PrivateKeyExportable))
        {
            TaskException notExportable = new TaskException(Strings.ErrorCertificateNotExportable(certificate.Thumbprint));
            writeError(notExportable, ErrorCategory.InvalidArgument, null);
        }

        // Expiry and not-yet-valid are separate checks, each with its own message.
        ExDateTime expiresAt = (ExDateTime)certificate.NotAfter;
        if (expiresAt < ExDateTime.UtcNow)
        {
            TaskException expired = new TaskException(Strings.ErrorCertificateHasExpired(certificate.Thumbprint));
            writeError(expired, ErrorCategory.InvalidArgument, null);
        }

        ExDateTime validFrom = (ExDateTime)certificate.NotBefore;
        if (validFrom > ExDateTime.UtcNow)
        {
            TaskException notYetValid = new TaskException(Strings.ErrorCertificateNotYetValid(certificate.Thumbprint));
            writeError(notYetValid, ErrorCategory.InvalidArgument, null);
        }

        if (futurePublishDate.HasValue)
        {
            // The certificate must still be valid after the requested publish instant.
            ExDateTime expiryAtPublish = (ExDateTime)certificate.NotAfter;
            ExDateTime publishUtc = (ExDateTime)futurePublishDate.Value.ToUniversalTime();
            if (expiryAtPublish <= publishUtc)
            {
                TaskException expiresTooSoon = new TaskException(Strings.ErrorAuthNewCertificateExpire(certificate.Thumbprint));
                writeError(expiresTooSoon, ErrorCategory.InvalidArgument, null);
            }
        }
    }
    catch (CryptographicException innerException)
    {
        // A cryptographic failure while inspecting the certificate is reported as a
        // validation error through the same callback, keeping the original exception as the cause.
        TaskException validationFailed = new TaskException(Strings.ErrorFailedToValidateCertificate(certificate.Thumbprint), innerException);
        writeError(validationFailed, ErrorCategory.InvalidArgument, null);
    }
}